Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / b618460ac3cb7879868f074ab7a9426319e8d754 / . / modules / caddy / caddyfile.nix
blob: ec0d82bf339f235b7e6f662f65b84eeec85897c3 [file] [log] [blame]
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]1let
2 HTTPReverseProxyRoute = hosts: upstreams: {
3 handle = [
4 {
5 handler = "subroute";
6 routes = [
7 {
8 handle = [
9 {
10 handler = "reverse_proxy";
11 upstreams = map (upstream: { dial = upstream; }) upstreams;
12 }
13 ];
14 }
15 ];
16 }
17 ];
18 match = [{ host = hosts; }];
19 terminal = true;
20 };
21 HTTPRedirectRoute = hosts: goto: {
22 handle = [
23 {
24 handler = "subroute";
25 routes = [
26 {
27 handle = [
28 {
29 handler = "static_response";
30 headers = { Location = [ goto ]; };
31 status_code = 302;
32 }
33 ];
34 }
35 ];
36 }
37 ];
38 match = [{ host = hosts; }];
39 terminal = true;
40 };
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]41 HTTPFileServerRoute = hosts: root: {
42 handle = [
43 {
44 handler = "subroute";
45 routes = [
46 {
47 handle = [
48 {
49 handler = "file_server";
50 inherit root;
51 }
52 ];
53 }
54 ];
55 }
56 ];
57 match = [{ host = hosts; }];
58 terminal = true;
59 };
60
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]61 TCPReverseProxyRoute = ports: upstreams: {
62 listen = map (port: "0.0.0.0:${toString port}") ports;
63 routes = [
64 {
65 handle = [
66 {
67 handler = "proxy";
68 proxy_protocol = "v2";
69 upstreams = [{ dial = upstreams; }];
70 }
71 ];
72 }
73 ];
74 };
75in
TheCodedProf85256bc2023-06-13 13:02:53 -0400[diff] [blame]76{ pkgs, lib, config }: {
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]77 apps = {
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]78 http.servers = {
79 srv0 = {
80 listen = [ ":443" ];
81 routes = [
82 (HTTPReverseProxyRoute [ "signup.hopescaramels.com" ] [ "192.168.0.4:3035" ])
83 (HTTPReverseProxyRoute [ "homebridge.coded.codes" ] [ "localhost:8581" ])
84 {
85 handle = [
86 {
87 handler = "subroute";
88 routes = [
89 {
90 handle = [
91 {
92 error = "You can't access admin routes from outside the server. Please use SSH tunneling, cURL on the host or similar";
93 handler = "error";
94 status_code = "403";
95 }
96 ];
97 match = [{ path = [ "/_dendrite/admin/*" "/_synapse/admin/*" ]; }];
98 terminal = true;
99 }
100 {
101 handle = [
102 {
103 handler = "reverse_proxy";
104 transport = { protocol = "http"; };
105 upstreams = [{ dial = "localhost:4527"; }];
106 }
107 ];
108 }
109 ];
Skyler Grey0e71dcd2023-05-21 00:05:17 +0200[diff] [blame]110 }
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]111 ];
112 match = [{ host = [ "matrix-backend.coded.codes" ]; }];
113 terminal = true;
114 }
115 (HTTPReverseProxyRoute
116 [
117 "mail.coded.codes"
118 "mail.clicks.codes"
119 "mail.hopescaramels.com"
120 ]
121 [ "localhost:1080" ]
122 )
123 (HTTPReverseProxyRoute [ "logs.clicks.codes" ] [ "localhost:9052" ])
124 (HTTPRedirectRoute
125 [
126 "hopescaramels.com"
127 "www.hopescaramels.com"
128 ]
129 "https://etsy.com/shop/HopesCaramels"
130 )
131 # (HTTPReverseProxyRoute [ "omv.coded.codes" ] [ "localhost:6773" ])
132 # (HTTPReverseProxyRoute [ "jellyfin.coded.codes" ] [ "localhost:8096" ])
133 (HTTPReverseProxyRoute [ "codedpc.coded.codes" ] [ "192.168.0.2:3389" ])
134 (HTTPReverseProxyRoute [ "testing.coded.codes" ] [ "192.168.0.2:3030" ])
135 (HTTPReverseProxyRoute [ "kavita.coded.codes" ] [ "localhost:5000" ])
136 {
137 handle = [
138 {
139 handler = "subroute";
140 routes = [
141 {
142 handle = [
143 {
144 handler = "subroute";
145 routes = [
146 {
147 handle = [
148 {
149 handler = "rewrite";
150 strip_path_prefix = "/nucleus";
151 }
152 ];
153 }
154 {
155 handle = [
156 {
157 handler = "reverse_proxy";
158 upstreams = [{ dial = "127.0.0.1:10000"; }];
159 }
160 ];
161 }
162 ];
163 }
164 ];
165 match = [{ path = [ "/nucleus/*" ]; }];
166 }
167 {
168 handle = [
169 {
170 handler = "error";
171 error = "This API route does not exist";
172 status_code = 404;
173 }
174 ];
175 }
176 ];
177 }
178 ];
179 match = [{ host = [ "api.clicks.codes" ]; }];
180 terminal = true;
181 }
182 {
183 handle = [
184 {
185 handler = "subroute";
186 routes = [
187 {
188 handle = [
189 {
190 handler = "subroute";
191 routes = [
192 {
193 handle = [
194 {
195 handler = "rewrite";
196 strip_path_prefix = "/nucleus";
197 }
198 ];
199 }
200 {
201 handle = [
202 {
203 handler = "reverse_proxy";
204 upstreams = [{ dial = "192.168.0.2:10000"; }];
205 }
206 ];
207 }
208 ];
209 }
210 ];
211 match = [{ path = [ "/nucleus/*" ]; }];
212 }
213 {
214 handle = [
215 {
216 handler = "error";
217 error = "This API route does not exist";
218 status_code = 404;
219 }
220 ];
221 }
222 ];
223 }
224 ];
225 match = [{ host = [ "api.coded.codes" ]; }];
226 terminal = true;
227 }
228 (HTTPRedirectRoute
229 [
230 "www.clicks.codes"
231 ]
232 "https://clicks.codes{http.request.uri}"
233 )
234 (HTTPReverseProxyRoute [ "clicks.codes" ] [ "127.0.0.1:3000" ])
235 {
236 handle = [
237 {
238 handler = "subroute";
239 routes = [
240 {
241 handle = [
242 {
243 handler = "static_response";
244 status_code = 200;
245 body = builtins.readFile ./coded.codes/.well-known/matrix;
246 headers = { Access-Control-Allow-Origin = [ "*" ]; };
247 }
248 ];
249 match = [{
250 path = [
251 "/.well-known/matrix/server"
252 "/.well-known/matrix/client"
253 ];
254 }];
255 terminal = true;
256 }
257 {
258 handle = [
259 {
260 handler = "static_response";
261 headers = { Location = [ "https://clicks.codes{http.request.uri}" ]; };
262 status_code = 302;
263 }
264 ];
265 }
266 ];
267 }
268 ];
269 match = [{ host = [ "coded.codes" ]; }];
270 terminal = true;
271 }
272 (HTTPFileServerRoute [ "matrix.coded.codes" ] (
273 pkgs.element-web.override {
274 conf = {
275 default_server_config = lib.pipe ./coded.codes/.well-known/matrix [
276 builtins.readFile
277 builtins.fromJSON
278 ];
279 };
280 }
281 ))
TheCodedProf85256bc2023-06-13 13:02:53 -0400[diff] [blame]282 (HTTPReverseProxyRoute [ "passwords.clicks.codes" ] [ "localhost:${config.services.vaultwarden.config.ROCKET_PORT}" ])
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]283 ];
284 };
285 srv1 = {
286 listen = [ ":80" ];
287 routes = [
288 (HTTPReverseProxyRoute
289 [
290 "mail.clicks.codes"
291 "mail.coded.codes"
292 "mail.hopescaramels.com"
293 "autoconfig.coded.codes"
294 "autoconfig.clicks.codes"
295 "autoconfig.hopescaramels.com"
296 "imap.coded.codes"
297 "imap.clicks.codes"
298 "imap.hopescaramels.com"
299 "pop.coded.codes"
300 "pop.clicks.codes"
301 "pop.hopescaramels.com"
302 "smtp.coded.codes"
303 "smtp.clicks.codes"
304 "smtp.hopescaramels.com"
305 ]
306 [ "localhost:1080" ]
307 )
308 ];
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]309 };
310 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]311 layer4.servers = {
312 imap-143 = (TCPReverseProxyRoute [ 143 ] [ "localhost:1143" ]);
313 imap-993 = (TCPReverseProxyRoute [ 993 ] [ "localhost:1993" ]);
314 pop-110 = (TCPReverseProxyRoute [ 110 ] [ "localhost:1110" ]);
315 pop-995 = (TCPReverseProxyRoute [ 995 ] [ "localhost:1995" ]);
316 smtp-25 = (TCPReverseProxyRoute [ 25 ] [ "localhost:1025" ]);
317 smtp-465 = (TCPReverseProxyRoute [ 465 ] [ "localhost:1465" ]);
318 smtp-587 = (TCPReverseProxyRoute [ 587 ] [ "localhost:1587" ]);
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]319 };
Skyler Grey19f9fa22023-05-24 17:51:24 +0200[diff] [blame]320 tls.automation.policies = [{
321 issuers = [{
322 module = "acme";
323 challenges.dns.provider = {
324 name = "cloudflare";
325 api_token = "!!cloudflare_token!!";
326 };
327 }];
328 }];
Skyler Grey40ab9af2023-05-20 18:03:53 +0200[diff] [blame]329 };
330}